
Thursday, August 12, 2021

A selection of the top articles and videos from the last week on SecuritySenses.com. Don't forget to check back regularly for daily updates from around the globe.

If you like SecurityBuzz, why not forward it to some friends or share the online version?

Until Next Time! 👏


Why the Evolution of Zero Trust Must Begin with Data Protection

11-Aug-21 | By James Christiansen | In Netskope, Data Protection

The need for “Zero Trust” today is no longer the same as what we talked about years ago when the term was first coined. Back then, businesses only had a handful of remote workers signing in to the corporate network. The common wisdom of the day dictated that you couldn’t implicitly trust the authentication of those remote users any longer because they weren’t on the company LAN and the common solution was installing two-factor authentication.

Key Insights into Gartner Hype Cycle for Application Security 2021

11-Aug-21 | By Harshit Agarwal | In Appknox, Application Security

Gartner Hype Cycle started as a graphical representation method to represent the adoption, evolution, and maturity of new emerging technologies. Over time, it has now transformed into a highly potent and reliable powerhouse of smart insights into how emerging technologies will evolve in the future. Apart from offering insights into the evolution of the new and emerging technologies in the coming years, the Hype Cycle also paves the way for smart investments in various technologies and market intelligence to choose the best tools for mid-market and enterprises on emerging technologies.

6 Examples of Essential Cybersecurity Policies for Businesses

11-Aug-21 | By Phoebe Fasulo | In SecurityScorecard, Risk Management

Every year, more than 34 percent of organizations worldwide are affected by insider threats. For that reason, cybersecurity needs to be a priority and concern for each employee within an organization, not only the upper-level management team and IT professionals. Employees tend to be the weakest link in an organization’s security posture, often clicking on malicious links and attachments unintentionally, sharing passwords, or neglecting to encrypt sensitive files. An effective way to educate employees on the importance of security is through a cybersecurity policy that explains each employee’s responsibilities for protecting systems and data within the organization.

How to Use Nmap

11-Aug-21 | By Kaushik Sen | In UpGuard, Networks

If you’re looking for a free network discovery tool, you’ve probably heard of Nmap. Nmap, short for Network Mapper, is a multi-purpose tool commonly used for penetration testing to give you a granular view of your network’s security. Its capabilities extend to collecting information, enumeration, and detecting vulnerabilities and security loopholes. You can also use the tool to find live hosts on a network, perform operating system (OS) detection, traceroute, version detection, ping sweeps, and carry out port scanning. This is precisely why Nmap is also known as the sysadmin’s Swiss Army knife.

Conti Ransomware - IOC's identified to hunt these threats

11-Aug-21 | By Cyberint Research | In Cyberint, Malware

Believed active since mid-2020, Conti is a big game hunter ransomware threat operated by a threat group identified as Wizard Spider and offered to affiliates as a ransomware-as-a-service (RaaS) offering. Following the lead of other big game hunter ransomware groups, Conti adopted the double extortion tactic, also known as 'steal, encrypt and leak', in order to apply additional pressure on victims to pay their ransom demands and avoid sensitive or confidential data being exposed.

The Identity Brief: A Conversation with an Ethical Hacker

11-Aug-21 | By Ben Goodman | In ForgeRock, Digital Identity

Our first two guests on the Identity Brief Podcast came to identity through unconventional means. Ori Eisen saw digital identity and passwordless authentication as a way to fight the fraud he had witnessed while working at a large bank. Ari Jacoby realized that contextual identity and authentication data was a powerful tool to fight fraud at Deduce where he saw bots and fraudsters trying to gain an advantage. Our latest guest got into the identity game after learning how to exploit systems as an ethical hacker and found humanity in the technology along the way.

Which Vendors Should Be on Your SIEM Tools List?

11-Aug-21 | By Devo | In Devo, Logging

Whether your organization is ready to deploy its first security information and event management (SIEM) solution or you’re looking to upgrade to a modern, next-gen cloud-native SIEM, the number and types of tools available in the market can be overwhelming. This post will help you choose the right vendor and best SIEM tools for your business needs. SIEM tools have been available for about 15 years, but like most technologies, there has been a great deal of evolution and innovation over that time. That’s good because there certainly has been constant evolution and innovation by cyberthreat actors and the tools they use to compromise systems, steal or destroy data, or hold it for ransom.

Web application security explained: reviewing WAS testing, best practices, and tools

10-Aug-21 | By Mark Stone | In AT&T Cybersecurity, Application Security

In today’s corporate environment, business is predominantly conducted online. Most organizations have a website or some type of web application that functions as the hub of their online operations. Business websites and online applications are necessary for an abundance of important functions — marketing, sales, branding, and much more. If your website is attacked and forced to go down, the impact on your business can be significant.

Are You Prepared to Better Protect Against SANS' Top Attacks and Threats?

10-Aug-21 | By Andy Gepert | In ThreatQuotient, Cyberattacks

The SANS 2021 Top New Attacks and Threat Report is now available for download, covering the security trends and top threats to watch for as the world emerges from the pandemic. Presented at the SANS threat expert panel discussion held during the RSA Conference 2021 Virtual Experience, the top attack category the report highlights is supply chain attacks – and with good reason.

Keep infrastructure as code secure with Synopsys

10-Aug-21 | By Ashutosh Kumar | In Synopsys, Application Security

Infrastructure as code is a key concept in DevOps for cloud deployments. Learn how to secure it using Rapid Scan SAST. It was not long ago when we needed to submit an IT support ticket to help launch infrastructure configurations (virtual machines, networks configurations, load balancers, databases, etc.) every time we needed to deploy a new application. It worked when we needed those less frequently, but it was not easily scalable. And you might remember the reproducibility hassles as well: “This application worked on my system, but how is it failing on yours?”

Cyber Attacks and Their Impact on the Company

10-Aug-21 | By Denitsa Stefanova | In LogSentinel, Cyberattacks

A recent study reveals that cybercrime costs the world economy more than $1 trillion, a more than 50 percent increase from 2018. Damage to companies also includes downtime, brand reputation, and reduced efficiency. Besides installing anti-malware software to protect against cyberattacks, however, there is other security software to consider. One option is a SIEM (Security Information and Event Management) solution. SIEMs provide centralized management for security information and events, detecting and managing security incidents, and correlating data from multiple sources.

How Tripwire State Analyzer Can Help You to Comply with NERC CIP

09-Aug-21 | By Richard Springer | In Tripwire, Compliance

Are you an organization that operates a Bulk Power System (BPS) in the United States? If so, you understand the need to comply with the Critical Infrastructure Protection (CIP) standards. Developed by the North American Electric Reliability Corporation (NERC), CIP is a set of requirements through which in-scope entities can protect themselves against digital attacks, thereby strengthening the reliability of the U.S. electric grid overall.

Don't Let the 'I Quit' Economy Slow Down Your Enterprise

09-Aug-21 | By Tim Bedard | In ForgeRock, Digital Identity

Over the past year and a half, we have been glued to our computers, attending back-to-back Zoom meetings and trying to find a “new” work-life balance at home. Blurring work-life boundaries have led to higher stress, isolation, and burn-out. As a result, people have had a lot of time to think and reflect on their lives. Prior to the pandemic, people made work the center of their lives and identities – a reality that has shifted. The new reality is people want a life that has purpose outside of work. Combined with the abundance of stimulus checks, unemployment benefits, and flexible remote work schedules, people have accelerated their need for change.

Ransom Attacks & Supply Chains: The Soft Underbelly of Secure Enterprise Systems

09-Aug-21 | By Veriato | In Veriato, Cyberattacks

The Veriato podcast guest for this month is Michael Owens, the Business Information Security Officer at Equifax and an all around rockstar when it comes to cybersecurity. He joins Dr. Christine Izuakor to discuss how supply chains are like the "soft underbelly" to gain access to otherwise secure enterprise systems.

Why penetration testing needs to be part of your IoT security

09-Aug-21 | By Debrup Ghosh | In Synopsys, IoT

IoT devices are ubiquitous in our daily lives—whether it’s at home with connected home automation devices, or at work with connected factories, hospitals, and even connected cars. According to Gartner, there were over 20 billion IoT devices in 2020. As businesses globally over the past decade have transformed their processes with more embedded IoT-driven intelligence, these billions of connected devices have also become a soft target for cyber criminals.

Getting Application Security Back on the Rails

09-Aug-21 | By Lamar Bailey | In Tripwire, Application Security

In its Interagency Report 7695, the National Institute of Standards and Technology (NIST) defined an application as “a system for collecting, saving, processing, and presenting data by means of a computer.” This broad term covers enterprise applications, consumer applications, and even phone apps. Security is important in all these types of applications, but the focus is not always the same. Let’s explore how below.

Kubernetes Hardening Guidance Summary

09-Aug-21 | By Jonathan Kaftzan | In ARMO, Containers

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published comprehensive recommendations for strengthening the security of an organization’s Kubernetes system to help companies make their Kubernetes environment more difficult to compromise. This 52-page cybersecurity technical report offers practical guidance for admins to manage Kubernetes securely, focusing on the common three sources for a compromised Kubernetes environment.

How To Build A Secure Open Source API Program

09-Aug-21 | By Jessica Watson | In Appknox, API

API security is one of the most important aspects of cybersecurity. The rise of new technologies like microservices, cloud-native applications, IoT devices, single-page applications, serverless, and mobile has led to increased use of APIs. Any internal application elements are now APIs connecting with one another through a network. A game API lets your applications and web services communicate with one another and share information such as rules, settings, specs, and data. These APIs are used to distribute and embed game content and interact with libraries, apps, operating systems, consoles, and more.

What is HECVAT and Why is it Important?

09-Aug-21 | By Kasey Hewitt | In SecurityScorecard, Cyberattacks

Higher education has increasingly been attracting the attention of cybercriminals. In March, the FBI released an advisory in response to a barrage of ransomware attacks on schools, and Inside Higher Education recently reported that colleges and universities are becoming favorite victims of bad actors. It's not just colleges themselves that are being targeted; their vendors and third parties are being attacked in the hopes of compromising an institution’s data. Just last year, several colleges and universities suffered a ransomware attack through a third-party cloud storage provider.

How to Comply with Facebook's New Data Protection Assessment

09-Aug-21 | By Emily Heaslip | In Nightfall, Data Security

Recently, Facebook announced a new initiative aimed at protecting how its users’ data is managed across its platforms: the Data Protection Assessment. The assessment consists of a questionnaire for apps that access advanced permissions and specifically focuses on how developers protect, share and use platform data. The new Data Protection Assessment went into effect at the end of July, which means that developers need to be aware of the questionnaire’s standards and requirements for any new releases moving forward. Specifically, the assessment seeks to understand how a user’s data will be used, why the data is needed, and when it will come into use.

What is Doxing? How to protect yourself from internet humiliation.

09-Aug-21 | By Edward Kost | In UpGuard, Cyberattacks

Doxing is the act of publishing private or identifying information about an individual or organization on the internet. Doxing is short for Dropping Dox (documents), and it only has negative connotations. The intention of doxers is to harass victims by revealing information that's either incriminating, defamatory or just immensely embarrassing. Doxing is sometimes spelled as Doxxing. Though doxing primarily involves dumping confidential information on a publicly accessible website, this isn't always the case. Because doxing is linked to the misuse of private information, social engineering techniques are still classified as doxing because the seized sensitive data is then used to launch cyberattacks.

What is PGP encryption? How it works and why it's still reliable.

09-Aug-21 | By Edward Kost | In UpGuard, Encryption

PGP encryption (Pretty Good Encryption) is a data encryption program used to authenticate and provide cryptographic privacy for data transfers. PGP encryption is used to secure all forms of data and digital transmissions. It's capable of encrypting and decrypting: PGP is a quick-to-implement and cost-effective encryption method.

PetitPotam - NTLM Relay Attack

08-Aug-21 | By Cyberint Research | In Cyberint, Active Directory

Recently published by Lionel Gilles, an offensive security researcher based in France, 'PetitPotam' is a proof-of-concept (PoC) tool used for NT LAN Manager (NTLM) relay attacks that, when executed properly, grants threat actors the ability to take over a Windows Active Directory (AD) domain, including domain controllers (DC), where Active Directory Certificate Services (ADCS) are used. Similar to classic in-the-middle (ITM) or replay attacks, PetitPotam applies similar concepts to its relay attack.

Five worthy reads: The never-ending love story between cyberattacks and healthcare

06-Aug-21 | By ManageEngine | In ManageEngine, Cyberattacks

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. In this edition, we’ll learn about the legacy between the healthcare industry and cyberattacks, the vulnerable points in the healthcare system, and how risks can be mitigated. Did you know that for the 10th year in a row, the healthcare industry has seen the highest impact from cyberattacks of any industry? Recent research shows that a breach can cost an average of $7.1M for organizations in the healthcare industry.

Shadow IT: What Are the Risks and How Can You Mitigate Them?

06-Aug-21 | By Ekran | In Ekran, Insider Threats

Using unapproved tools, software, and devices is risky. You never know what vulnerabilities so-called shadow IT may have. The pandemic that began in 2020 put a new spin on the shadow IT problem. The sudden need to handle all processes remotely was a true challenge, since the majority of corporate networks were not configured to be safely accessed by employees from home.

Advancing Cybersecurity with Data Lakes

06-Aug-21 | By Devin Partida | In Logsign, Analytics

As companies generate an ever-increasing amount of data, security information and event management (SIEM) becomes increasingly challenging. Cybersecurity professionals have more to manage, and as cybercrime rises, there is less time to do so. While big data poses challenges for security teams, it also presents an opportunity. As of 2019, 52.5% of organizations worldwide have been using big data, with another 38% planning to do so in the future. That means companies have a rapidly growing store of information at their disposal: information that can help improve incident response. You can capitalize on this wealth of information with a cybersecurity data lake.

What Are Vishing Attacks?

06-Aug-21 | By Reciprocity Labs | In Reciprocity, Fraud

Cybersecurity attacks come in all sorts of ways and from all directions, so perhaps we should not be surprised at one of the latest trends in thieves trying to steal your organization’s data — “vishing” attacks, where they use the plain old telephone.

What is the Difference Between Vulnerability Assessment and Penetration Testing?

06-Aug-21 | By Reciprocity Labs | In Reciprocity, Penetration Testing

A vulnerability assessment is the process of identifying IT security weaknesses in your network, operating systems, firewalls, and hardware, and then taking steps to fix them. Penetration testing, also known as “pen testing,” is an intentional, simulated cyberattack against your IT systems to find vulnerabilities and test the efficacy of cybersecurity controls. Both are essential components of a comprehensive vulnerability management and network security protocol. The two terms may seem interchangeable, but differences exist. So what is penetration testing, and how does it differ from vulnerability assessment?

9 migration considerations to help rein in content sprawl

05-Aug-21 | By Lyza Latham | In Egnyte, Content Management

The past year and a half has posed unprecedented challenges to society, at every level. For companies adjusting to a more distributed workforce, with newly remote workers and no central place of business to anchor their teams, the corresponding flood of unmanaged content and shadow IT has been a serious test of their organizational fortitude. For these companies, business-critical content can go unchecked, dispersed between the cloud and corporate hard drives—a scenario known as content sprawl. At Egnyte, we see customers large and small grapple with these challenges, and we’ve worked with them to solve some of the most complex content management issues businesses face today.

DevOps vs. Agile: What Is the Difference?

05-Aug-21 | By Alfrick Opidi | In WhiteSource, DevOps

DevOps and Agile are popular modern software development methodologies. According to the 14th Annual State of Agile Report, 95% and 76% of the respondents stated that their organizations had adopted Agile and DevOps development methods, respectively. Interestingly, both approaches have the same aim: deliver the end product as efficiently and quickly as possible. Despite the popularity and shared goals of Agile and DevOps methodologies, there is often confusion about what differentiates them from each other. While most organizations are eager to deploy these development practices, they often struggle with the best approach to adopt.

How Social Norms Can Be Exploited by Scammers on Social Media

05-Aug-21 | By Martina Dove | In Tripwire, Fraud

Social media platforms are excellent hunting grounds for scammers. This is where we connect with our friends or people who we have something in common with. This is precisely what scammers exploit—our connections and the trust that is afforded between friends or acquaintances. From an early age, we are taught to be kind and compassionate as well as to help others, especially people we know such as friends and family. In turn, they will help us if we ever need it. This is a socially desired behavior. Most people think and operate in this way.

Hunting for threats in multi-cloud and hybrid cloud environments

05-Aug-21 | By Sumo Logic | In Sumo Logic, Cloud

In today's environment, security teams face a pervasive threat landscape, with the expectation that some threat actors will be successful in bypassing perimeter defenses. To deal with this, security teams must learn how to actively hunt down threats, both outside and inside the perimeter, using solutions, such as Sumo Logic’s Cloud SIEM Enterprise and Continuous Intelligence Platform. At the Modern SOC Summit, Darren Spruell, Senior Threat Analyst on the SpecOps team at Sumo Logic, presented a set of best practices and insights that leverage the experience of the SpecOps team using Sumo Logic tools to explain how to successfully hunt for threats in hybrid environments, including on-premise and single or multiple clouds.

Securing AWS IAM with Sysdig Secure

05-Aug-21 | By Alba Ferri | In Sysdig, Access Management

Last year’s IDC Cloud Security Survey found that nearly 80 percent of companies polled have suffered at least one cloud data breach in the past 18 months. The top three cloud security threats are security misconfiguration of production environments (67 percent), lack of visibility into access in production environments (64 percent), and improper IAM and permission configurations (61 percent). The Cloud Native Security White Paper, in its Identity and Access Management section, claims that applications and workloads should be explicitly authorized to communicate with each other using mutual authentication.

What is HTTPS?

05-Aug-21 | By Catherine Chipeta | In UpGuard, Networks

HTTPS (Hypertext Transfer Protocol Secure) is a secured version of HTTP (Hypertext Transfer Protocol). HTTP is a protocol used to transfer data across the Web via a client-server (web browser-web server) model. HTTPS encrypts all data that passes between the browser and server using an encryption protocol called Transport Layer Security (TLS), preceded by Secure Sockets Layer (SSL). This encryption renders data undecipherable until a site owner unlocks it, allowing users to share sensitive data, such as passwords and other personal information, safely and securely over the Internet or a network.

Manual security testing services vs. automated AppSec tools: Which to use?

05-Aug-21 | By Anna Chiang | In Synopsys, AST

Manual security testing services and automated AppSec tools have their place in DevOps. Knowing which to use will make your security efforts more effective. AppSec tools that can quickly identify secrets or sensitive data accidentally (or intentionally) inserted in source code are crucial in automatically scanning millions of lines of code to find critical security issues. But even the best automated AppSec tools can’t find all security vulnerabilities, especially the ones that require hacking into a website or system architecture. This is where manual testing of business logic flaws in web apps and threat modeling of system designs is necessary.

Kubernetes API Access Security Hardening.

05-Aug-21 | By Sakshyam Shah | In Teleport, API

In a Kubernetes cluster, Control Plane controls Nodes, Nodes control Pods, Pods control containers, and containers control applications. But what controls the Control Plane? Kubernetes exposes APIs that let you configure the entire Kubernetes cluster management lifecycle. Thus, securing access to the Kubernetes API is one of the most security-sensitive aspects to consider when considering Kubernetes security. Even the recently published Kubernetes hardening guide by the NSA suggests “Use strong authentication and authorization to limit user and administrator access as well as to limit the attack surface” as one of the essential security measures to consider while securing the Kubernetes cluster.

Copyright © 2021 OpsMatters, All rights reserved.

